Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-25 | CVE-2024-8658 | Missing Authorization vulnerability in Mycred The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the mycred_update_database() function in all versions up to, and including, 2.7.3. | 5.3 |
| 2024-09-25 | CVE-2024-6590 | Missing Authorization vulnerability in Javmah Spreadsheet Integration The Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. | 4.3 |
| 2024-09-25 | CVE-2024-8349 | Missing Authorization vulnerability in Uncannyowl Uncanny Groups for Learndash The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0.1. | 7.2 |
| 2024-09-25 | CVE-2024-8350 | Missing Authorization vulnerability in Uncannyowl Uncanny Groups for Learndash The Uncanny Groups for LearnDash plugin for WordPress is vulnerable to user group add due to a missing capability check on the /wp-json/ulgm_management/v1/add_user/ REST API endpoint in all versions up to, and including, 6.1.0.1. | 2.7 |
| 2024-09-25 | CVE-2024-8434 | Missing Authorization vulnerability in Themehunk Mega Menu The Easy Mega Menu Plugin for WordPress – ThemeHunk plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX in all versions up to, and including, 1.0.9. | 4.3 |
| 2024-09-25 | CVE-2024-8437 | The WP Easy Gallery – WordPress Gallery Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions hooked via AJAX like wpeg_settings and wpeg_add_gallery in all versions up to, and including, 4.8.5. | 4.3 |
| 2024-09-24 | CVE-2024-8432 | Missing Authorization vulnerability in Webba-Booking Webba Booking The Appointment & Event Booking Calendar Plugin – Webba Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_appearance() function in all versions up to, and including, 5.0.48. | 4.3 |
| 2024-09-18 | CVE-2022-25768 | Missing Authorization vulnerability in Acquia Mautic The logic in place to facilitate the update process via the user interface lacks access control to verify if permission exists to perform the tasks. | 6.5 |
| 2024-09-13 | CVE-2024-7888 | Missing Authorization vulnerability in Radiustheme Classified Listing - Classified ADS & Business Directory The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions like export_forms(), import_forms(), update_fb_options(), and many more in all versions up to, and including, 3.1.7. | 4.3 |
| 2024-09-11 | CVE-2024-7721 | Missing Authorization vulnerability in Bplugins Html5 Video Player The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_password' function in all versions up to, and including, 2.5.34. | 4.3 |